BitMEX / proof-of-reserves-liabilities


explanation about the reserves #18

Open monperrus opened 5 months ago

monperrus commented 5 months ago

Hi BitMEX, I'm working on proof-of-reserves, thanks for the great repo.

I don't completely understand the reserve part.

  - {'addr_type': 'sh', 'addr': '3BMEX12J5prrSBPdU5HD7HtmqULtbffncm', 'script': '...', 'balance': '115392'}

And reading about the usage later:

    import logging
    import time

    # `bitcoin` is the Bitcoin Core RPC client; `descriptors_to_check` and
    # `chunk_size` are built earlier from the reserves file.
    for i in range(num_scan_chunks):
        now = time.time()
        logging.info(f"Scanning chunk {i+1}/{num_scan_chunks}, this may take a while")
        # Making extremely long timeout for scanning job
        chunk = descriptors_to_check[i * chunk_size : (i + 1) * chunk_size]
        res = bitcoin.scantxoutset(
            ["start", [x[0] for x in chunk]],
            timeout=60 * 60,
        )

Could you provide a bit more information and explain what the script means? What does it prove?

Thanks!

shuckc commented 4 months ago

Hi @monperrus, prior to the descriptor format introduced in Bitcoin, the script is simply the locking script that gets hashed into the address. Only our oldest legacy addresses are presented this way, and we compute the equivalent descriptor in this code. For newer addresses we present the descriptor directly. At some point we will eliminate this step and make the proof of reserves file completely descriptor based. We present these same 'scripts' as part of our User Wallet model in the API, so having them here in this form allows a user to verify it matches.
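The check described above, as an added example that is not part of the repo or of either commenter's code: it reads the legacy `'sh'` entry's `script` as the redeem script, recomputes the mainnet P2SH address (HASH160 of the script, version byte 0x05, Base58Check) and compares it to `addr`. The multisig script and pubkeys are constructed placeholders, and `hashlib` is assumed to expose `ripemd160`.

```python
import hashlib

# Base58 alphabet used by Bitcoin addresses.
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def hash160(data: bytes) -> bytes:
    """RIPEMD160(SHA256(data)); assumes the OpenSSL behind hashlib exposes ripemd160."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def base58check(payload: bytes) -> str:
    """Base58Check: payload || first 4 bytes of double-SHA256(payload), base58 encoded."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = _B58[r] + out
    # Each leading zero byte becomes a leading '1'.
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def p2sh_address(redeem_script: bytes) -> str:
    """Mainnet P2SH address (version byte 0x05, hence the leading '3')."""
    return base58check(b"\x05" + hash160(redeem_script))

def check_reserve_entry(entry: dict) -> bool:
    """Recompute the address from a legacy 'sh' entry's script and compare with 'addr'."""
    if entry["addr_type"] != "sh":
        raise ValueError("only legacy script-hash entries carry a raw script")
    return p2sh_address(bytes.fromhex(entry["script"])) == entry["addr"]

# Constructed sample: 2-of-3 multisig redeem script with placeholder (non-functional)
# compressed pubkeys. Not a real BitMEX script or address.
PUBKEYS = [bytes([0x02 + (i % 2)]) + bytes([i]) * 32 for i in (1, 2, 3)]
SAMPLE_SCRIPT = (
    b"\x52"                                      # OP_2
    + b"".join(b"\x21" + pk for pk in PUBKEYS)   # three 33-byte pubkey pushes
    + b"\x53\xae"                                # OP_3 OP_CHECKMULTISIG
)
SAMPLE_ENTRY = {
    "addr_type": "sh",
    "addr": p2sh_address(SAMPLE_SCRIPT),
    "script": SAMPLE_SCRIPT.hex(),
    "balance": "115392",
}

if __name__ == "__main__":
    print(SAMPLE_ENTRY["addr"], check_reserve_entry(SAMPLE_ENTRY))
```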

monperrus commented 4 months ago

thanks a lot @shuckc

now it's clear:

See tentative documentation improvement at https://github.com/BitMEX/proof-of-reserves-liabilities/pull/20

monperrus commented 4 months ago

Also, how does BitMEX prove ownership of a given address? (for example by signing a challenge message)

shuckc commented 3 months ago

With the old script-based wallets it was difficult for us to prove ownership other than by continued use of the keys to sign transactions to/from BitMEX claimed addresses (3BMEX....), and since 3 of the pubkeys were reused for all legacy addresses, they became well known. This was a limitation of our signing infrastructure; it could only sign transactions, not messages.

With the descriptor based addresses, we can sign a message using the usual bitcoin message signing/verification protocol to show ownership of each public key. Nearly all of our signing infrastructure now supports this, so we plan to add the latest messages signed by each pubkey to the reserves file, along the lines of:

A BitMEX key at regtest height 2441228 hash 000000000000002036b13b9bb7896478d518c661644cf3e441d108aba66c71fc

Where we will insert the latest block height, hash and network for each environment and update this periodically.

OKEX do something similar - they have each address sign the message "I am an OKX address", demonstrated here https://www.okx.com/proof-of-reserves

monperrus commented 3 months ago

> OKEX do something similar - they have each address sign the message "I am an OKX address", demonstrated here okx.com/proof-of-reserves

Yes, they are doing good proofs of reserves

> so we plan to add the latest messages signed by each pubkey to the reserves file

that will be awesome, thanks for letting us know.